Admin console not accessible with Keycloak version 25.0.0 and hostname v2 configurations

I am currently running Keycloak version 25.0.0 in production, configured with an NGINX reverse proxy. My goal is to use Keycloak with the host https://somehost.com for public access while restricting access to the admin console to my internal network using its IP and port directly.

Here are my current Keycloak hostname v2 configurations:
KC_HOSTNAME=https://abc.com # Public hostname for the web app
KC_HOSTNAME_PORT=8080 # Port where Keycloak is running
KC_HOSTNAME_ADMIN=http://localhost:8080/auth # URL to access the admin console internally
KC_HTTP_ENABLED=true

Problem:

When running Keycloak with the above configuration, I am unable to access the admin console. Specifically, the requests for some resources required to render the admin UI are being sent to the frontend host (i.e., KC_HOSTNAME) instead of KC_HOSTNAME_ADMIN.

For example:

  • The initial request and the JavaScript and CSS resources are correctly routed to KC_HOSTNAME_ADMIN, e.g. “auth/admin/master/console/”, “auth/resources/zre7y/admin/keycloak.v2/assets/index-C1LIsRX7.js”
  • However, some resources (e.g., HTML) are incorrectly routed to KC_HOSTNAME, e.g. “resources/master/admin/en”,
    “realms/master/protocol/openid-connect/3p-cookies/step1.html”

Additional Note:

The /auth path in the URL is intentional; I recently migrated from version 10 to version 25, and due to legacy reasons, I retained /auth as a relative path.

Assistance Needed:

Has anyone encountered a similar issue or can provide guidance on how to ensure all admin console resources are correctly routed to KC_HOSTNAME_ADMIN?

I am happy to share Docker files or other configuration details if someone wants to replicate the issue on their machine.

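One way to pin down which admin console requests leave the admin origin, as an added example that is not part of the original post: it reads a browser HAR export of the console page load and groups every request by whether it went to the KC_HOSTNAME_ADMIN origin or the KC_HOSTNAME origin. The two URLs are the values from the post's configuration; the function names are hypothetical and the sample capture is constructed from the paths quoted in the post.

```python
import json
from urllib.parse import urlsplit

# Values taken from the configuration in the post.
PUBLIC_URL = "https://abc.com"            # KC_HOSTNAME
ADMIN_URL = "http://localhost:8080/auth"  # KC_HOSTNAME_ADMIN
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), or None for URLs without an http(s) origin."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme])


def classify_har(har_text, public_url=PUBLIC_URL, admin_url=ADMIN_URL):
    """Group every request in a HAR capture by the origin it was sent to."""
    groups = {"admin": [], "public": [], "other": []}
    targets = {origin(admin_url): "admin", origin(public_url): "public"}
    for entry in json.loads(har_text)["log"]["entries"]:
        url = entry["request"]["url"]
        key = targets.get(origin(url), "other")
        # Keep only the path for known origins; keep the full URL otherwise.
        groups[key].append(urlsplit(url).path if key != "other" else url)
    return groups


# Constructed sample HAR (not a real capture): the paths are the ones quoted in
# the post, attached to the origin the post says each request went to.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "http://localhost:8080/auth/admin/master/console/"}},
    {"request": {"url": "http://localhost:8080/auth/resources/zre7y/admin/"
                        "keycloak.v2/assets/index-C1LIsRX7.js"}},
    {"request": {"url": "https://abc.com/resources/master/admin/en"}},
    {"request": {"url": "https://abc.com/realms/master/protocol/"
                        "openid-connect/3p-cookies/step1.html"}},
]}})

if __name__ == "__main__":
    for name, items in classify_har(SAMPLE_HAR).items():
        print(f"{name}: {len(items)} request(s)")
        for item in items:
            print("   ", item)
```

Anything listed under `public` is a request the admin console sent to the public hostname, which is the set to compare against the reverse proxy's restrictions on admin paths.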